Is Your Password Truly Safe?

July 7, 2011

“With so much of our personal information tied into online activity, how many of us actually take the time to update our accounts regularly?” This thought weighed heavily on my mind after many of our readers recently presented numerous examples where their PPC accounts had been hacked.

In one, the account had been compromised and used by the hackers to drive traffic to another search engine. These cyber-criminals were able to crack the reader’s password and add another authorized “user” to their account. This “new” user then proceeded to ring up more than $3,000 in clicks using the credit card on file, furthering the fraud.

In another example, a reader’s account had been infiltrated and the hacker updated all of the campaign URLs on file to drive traffic to their own web pages. This resulted in thousands of dollars in fraudulent advertising charges that both the advertiser and the PPC network had to resolve.

These unfortunate occurrences necessitate the question, “Have you changed the passwords for your important accounts lately?” To help in crafting strong passwords, we suggest that readers:

• Change their password every 3-6 months

• Do not use names that can be easily linked to them (including name of spouses, children, or pets).

• Whenever possible, use unique passwords for each account to limit risk. This move minimizes the impact if an account is hacked.

• Avoid using telephone numbers, birthdays, or social security numbers as these are commonly hacked.

• Do not use “password” or “admin” as an account login

• Do not save passwords in your browser as this severely impacts your security.

• Do not use your username or log in name as the password for your account.

• Create your own unique “security question” whenever possible for identity verification purposes. We share so much information online that common information like “Where I went to school” or “What is my mother’s maiden name” may be easier to find online than you think. Try “Googling” your name to view examples of what information is freely available about you.

• Use a mix of upper case, lower case, and numbers to create your passwords. Don’t limit yourself to simply numbers or letters. The use special characters like “&” or “%” can raise the strength of your password significantly. A password with 8 characters following this suggestion can take up to 2 years for a hacker to crack according to Geodsoft

These stories presented by our Ask a PPC Expert readers, as well as the recent attacks by hackers on large corporations like Sony and Sega, have caused me to seriously evaluate my online usage and password management. What about you? How often do you recommend updating the password on an account? What tips might you recommend to our readers to improve their password quality? We appreciate your feedback!